Home > Vulnerability Database > CVE-2024-6376

Mend.io Vulnerability Database

CVE-2024-6376

Good to know:

Date: July 1, 2024

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2

Language: TYPE_SCRIPT

Severity Score

7.0

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6376

Url: https://jira.mongodb.org/browse/COMPASS-7496

Url: https://www.mend.io/vulnerability-database/CVE-2024-6376

Severity Score

7.0

Weakness Type (CWE)

Code Injection

CWE-94

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version v1.42.2

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6376

Good to know:

Date: July 1, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?